A weakness in the OpenSSL CMS and PKCS #7 code can be exploited
using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
also known as the million message attack (MMA).

Only users of CMS, PKCS #7, or S/MIME decryption operations are
affected. A successful attack needs on average 2^20 messages. In
practice only automated systems will be affected as humans will
not be willing to process this many messages.

SSL/TLS applications are *NOT* affected by this problem since
the SSL/TLS code does not use the PKCS#7 or CMS decryption
code.

A weakness in the OpenSSL CMS and PKCS #7 code can be exploited
using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
also known as the million message attack (MMA).

Only users of CMS, PKCS #7, or S/MIME decryption operations are
affected. A successful attack needs on average 2^20 messages. In
practice only automated systems will be affected as humans will
not be willing to process this many messages.

SSL/TLS applications are *NOT* affected by this problem since
the SSL/TLS code does not use the PKCS#7 or CMS decryption
code.

A potentially exploitable vulnerability has been discovered in the OpenSSL
function asn1_d2i_read_bio.
Any application which uses BIO or FILE based functions to read untrusted DER
format data is vulnerable. Affected functions are of the form d2i_*_bio or
d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.

A potentially exploitable vulnerability has been discovered in the OpenSSL
function asn1_d2i_read_bio.
Any application which uses BIO or FILE based functions to read untrusted DER
format data is vulnerable. Affected functions are of the form d2i_*_bio or
d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.